StrikeForce Technologies ProtectID® Out-of-Band Two Factor Authentication via Phone Token SMS Email Blackberry iPhone

GuardedID Overview

Though PC users worry about spyware that tracks web site visits and crashes their PCs, there are more insidious threats out there. A more powerful breed of spyware can log keystrokes (including passwords and credit card numbers) and send that information to criminals. This type of software is called a keylogger.

What is a keylogger?

A keylogger is a type of surveillance software that can record every keystroke you make and log it to a file (usually encrypted). A keylogger can record instant messages, e-mail, and any information you type at any time using your keyboard. The log file created by the keylogger can then be sent to a specified receiver. Some keylogger programs will also record any e-mail addresses you use and Web site URLs you visit.

A keylogger can be inserted into a victim’s computer in several ways. It can be carried by a virus or spyware. It can come as an attachment in an e-mail. For example, the Corporate IT Forum spam email contains a website link that, when clicked, causes a keylogger to be loaded onto the computer. It can even be embedded in an mp3 file or delivered via an XSS (Cross Site Scripting) attack.

Why current anti-virus software is ineffective

All anti-spam and anti-virus tools are based on scanning a computer for files with a particular signature. The database containing signatures of known bad files has to be continuously updated. The major caveat in this approach is that it depends on a signature already existing for a known problematic file. Spammers and criminals are currently deploying sophisticated software which dynamically changes the file signature. Therefore, anti-spam tools are no longer effective against keyloggers. Also, there is a significant delay between a new keylogger being detected on the Internet and the anti-keylogging signature being updated in anti-virus/spyware software. This time gap can take a month to a couple of months.

How GuardedID protects users

GuardedID uses a different approach to defend against keyloggers. Rather than trying to detect keyloggers, it takes a preventive approach. It takes control of the keyboard at the lowest possible layer in the kernel. The keystrokes are then encrypted and sent to the browser via an “Out-of-Band” channel, bypassing the Windows messaging queue. GuardedID has a built-in self-monitoring capability, which prevents it from being bypassed by other software. If GuardedID is tampered with in any way, it will warn the user of the breach.

CryptoColor

GuardedID uses a unique method to indicate to the user that the product is working and the user input is secured. It colors the text input box in which the user is entering data. The color can be selected by the user. This provides strong visual feedback to the user that they are operating in a secure environment and their keystrokes are secure.

Keyboard device driver monitoring

GuardedID constantly monitors the keyboard device driver stack to detect untrusted drivers (which could potentially be keyloggers). If an untrusted driver is discovered, GuardedID warns the user by showing the "Unknown Driver Warning" dialog. The name of the suspect driver is displayed in the dialog. The GuardedID state indicator turns orange instead of green to indicate a warning. Details are written to the event log, which can be viewed.

Anti-Clickjacking

Clickjacking is a new vulnerability that has recently surfaced. Web coding allows a single web page to be constructed from different items (ads, images, links, etc.) in "frames". Normally, the frames all come from a single domain (like guardedid.com) but they may come from other domains (ad servers, media servers, etc.). Clickjacking uses this normally helpful feature to trick users by showing the expected web page but overlaying or underlaying some other unexpected page from a different domain. As a result, a web page can have a hidden frame containing a clickable button that invisibly hovers below the user’s mouse, so that when the user clicks, they inadvertently click the invisible button and cause an undesirable action, such as downloading malware, transferring money, or buying something. The only solution that works, in some cases, is to disable JavaScript, something that will drastically reduce the usability and the Internet experience.

GuardedID's anti-clickjacking feature takes another approach. It looks at the web page and warns the user when content is not from the same domain. If false content is hidden in an invisible overlay, GuardedID makes it visible. If the content is hidden underneath, GuardedID draws red borders around it. Either way, the user is made fully aware of the content and can then be cautious about his/her movements on the page.
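The decision logic this paragraph describes can be sketched in JavaScript as follows. This is an added example, not GuardedID's code: the function names, the frame descriptor fields (`src`, `opacity`, `coveredByOtherElement`) and the 0.1 opacity cut-off are assumptions, and the sample frames are constructed.

```javascript
// Added example, not GuardedID code. Names, fields and threshold are assumptions.
const OPACITY_THRESHOLD = 0.1; // assumed cut-off for "effectively invisible"

// Opacity multiplies down the DOM tree, so a transparent wrapper <div>
// hides an iframe whose own opacity is 1. Walk up and take the product.
function effectiveOpacity(el, win) {
  let opacity = 1;
  for (let node = el; node && node.nodeType === 1; node = node.parentElement) {
    opacity *= parseFloat(win.getComputedStyle(node).opacity);
  }
  return opacity;
}

// frame: { src, opacity (effective), coveredByOtherElement (supplied by caller) }
function classifyFrame(pageUrl, frame) {
  const pageHost = new URL(pageUrl).hostname;
  const frameHost = new URL(frame.src, pageUrl).hostname; // relative src resolves to the page
  if (frameHost === pageHost) return 'none';              // same domain: nothing to report
  if (frame.opacity < OPACITY_THRESHOLD) return 'reveal'; // invisible overlay: make it visible
  if (frame.coveredByOtherElement) return 'outline';      // hidden underneath: red border
  return 'warn';                                          // visible third-party content
}

function auditFrames(pageUrl, frames) {
  return frames.map((frame) => classifyFrame(pageUrl, frame));
}

// Apply the visual treatment; 'warn' is left to the caller's own notification.
function applyAction(el, action) {
  if (action === 'reveal') {
    // Reset opacity on the frame and every ancestor that may be hiding it.
    for (let node = el; node && node.nodeType === 1; node = node.parentElement) {
      node.style.opacity = '1';
    }
  }
  if (action === 'outline') el.style.outline = '3px solid red';
}

// Constructed sample input: one same-domain frame and three cross-domain ones.
const samplePage = 'https://shop.example/checkout';
const sampleFrames = [
  { src: '/widgets/cart.html', opacity: 1, coveredByOtherElement: false },
  { src: 'https://ads.example.net/banner', opacity: 1, coveredByOtherElement: false },
  { src: 'https://other.example.org/confirm', opacity: 0, coveredByOtherElement: false },
  { src: 'https://other.example.org/pay', opacity: 1, coveredByOtherElement: true },
];
console.log(auditFrames(samplePage, sampleFrames));
```

In a browser, the `opacity` field would be filled from `effectiveOpacity(iframe, window)` for each `iframe` element on the page.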

Anti-Screen-scraping

Screen-scraping is a technique used by malware to record the contents of your computer screen. GuardedID blocks this capability and protects you against this threat.

GuardedID is available in the following versions